################################################################################
DOCUMENT         : Active_Directory_Domain
VERSION          : 003.006.001
CHECKSUM         : 58ac1670352573336c2112f53dbb34ec3af265139b6c5b432bcd083661a2a6d4
MANUAL QUESTIONS : 19

IMPORTANT: Make sure to save the completed version of this file to: 
<SCC Install>/Resources/Content/Manual_Questions/Completed_Files

This file contains all of the non-automated STIG requirements found in the STIG.
Results from this file will be combined with automated checks in SCC to provide
complete STIG compliance results.

This file will be programmatically imported, so do not modify anything in this file
except for placing an '[X]' to select a Single answer, and entering text comments.

The list of questions is printed in order of severity, listing CAT I (High), then CAT II, etc.

################################################################################

QUESTION         : 1 of 19
TITLE            : CAT II, V-243468, SV-243468r959010, SRG-OS-000480
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:501
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:501
RULE             : Administrators must have separate accounts specifically for managing domain member servers.
QUESTION_TEXT    : Review the membership groups in Active Directory Users and Computers.  Membership groups must be designated at the domain level specifically for domain member server administrators. Domain member server administrator groups and any accounts that are members of the groups must be documented with the IAO.  Each member server administrator must have a separate unique account specifically for managing member servers.  

If any account listed in a domain member server administrator group is a member of other administrator groups including the Enterprise Admins group, the Domain Admins group, or domain workstation administrator groups, this is a finding.

References:
V-36433
SV-47839
CCI-000366
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 1 *******************************

QUESTION         : 2 of 19
TITLE            : CAT II, V-243469, SV-243469r959010, SRG-OS-000480
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:701
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:701
RULE             : Administrators must have separate accounts specifically for managing domain workstations.
QUESTION_TEXT    : Review the membership groups in Active Directory Users and Computers.  Membership groups must be designated at the domain level specifically for domain workstation administrators. Domain workstation administrator groups and any accounts that are members of the groups must be documented with the IAO.  Each domain workstation administrator must have a separate unique account specifically for managing domain workstations.  

If any account listed in a domain workstation administrator group is a member of other administrator groups including the Enterprise Admins group, the Domain Admins group, or domain member server administrator groups, this is a finding.

References:
V-36434
SV-47840
CCI-000366
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 2 *******************************

QUESTION         : 3 of 19
TITLE            : CAT II, V-243471, SV-243471r1186313, SRG-OS-000112
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:1101
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:1101
RULE             : Local administrator accounts on domain systems must not share the same password.
QUESTION_TEXT    : Verify local administrator accounts on domain systems are using unique passwords. If local administrator accounts on domain systems are sharing a password, this is a finding.

It is recommended to use Microsoft's Local Administrator Password Solution (LAPS), which provides an automated solution for maintaining and regularly changing a local administrator password for domain-joined systems. LAPS can manage a single local administrator account. The default is the built-in administrator account; however, it can be configured to manage an administrator account of a different name. If additional local administrator accounts exist across systems, the organization must have a process to require unique passwords on each system for the additional accounts.

The authorizing official (AO) may approve other automated solutions that provide this capability.

Open "Windows PowerShell".

Get-ADComputer -Filter * -Properties msLAPS-EncryptedPassword | Where-Object { $_."msLAPS-EncryptedPassword" -eq $null } | Select-Object Name

The newer "Windows LAPS" function stores the LAPS password in the object attribute "msLAPS-EncryptedPassword" as long as the "encrypted" option was selected when setting up the LAPS GPO settings. This will check that location. If "encrypted" wasn't enabled when setting up LAPS, then adjust the search command to be "msLAPS-Password" instead.

Review the returned list for validity.

If any active/deployed Windows systems that are not managed by another process to ensure unique passwords for local administrator accounts are listed, this is a finding.

If the query fails, the organization must demonstrate that passwords for local administrator accounts are properly managed to ensure unique passwords for each. If not, this is a finding.

References:
V-36438
SV-47844
CCI-001941
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 3 *******************************

QUESTION         : 4 of 19
TITLE            : CAT II, V-243472, SV-243472r959010, SRG-OS-000480
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:1301
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:1301
RULE             : Separate smart cards must be used for Enterprise Admin (EA) and Domain Admin (DA) accounts from smart cards used for other accounts.
QUESTION_TEXT    : Verify separate smart cards are used for EA and DA accounts from smart cards used for other accounts.  EA and DA accounts may be on the same smart card but must be separate from any other accounts.  If separate smart cards for EA and DA accounts from other accounts are not used, this is a finding.

References:
V-43648
SV-56469
CCI-000366
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 4 *******************************

QUESTION         : 5 of 19
TITLE            : CAT II, V-243475, SV-243475r959010, SRG-OS-000480
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:1701
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:1701
RULE             : Domain controllers must be blocked from Internet access.
QUESTION_TEXT    : Verify domain controllers are blocked from Internet access.  Various methods may be employed to accomplish this, such as restrictions at boundary firewalls, through proxy services, host based firewalls or IPsec.

Review the Internet access restrictions with the administrator.  If Internet access is not prevented, this is a finding.

If a critical function requires Internet access, this must be documented and approved by the organization.

References:
V-53727
SV-67945
CCI-000366
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 5 *******************************

QUESTION         : 6 of 19
TITLE            : CAT II, V-243479, SV-243479r1153403, SRG-OS-000480
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:2501
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:2501
RULE             : The Directory Service Restore Mode (DSRM) passwords must be changed on each Domain Controller (DC) at least annually. 
QUESTION_TEXT    : Verify the DSRM password for each DC is changed at least annually.

If logs are retained locally for a sufficient amount of time to capture the log event, the following command will indicate the password reset:
PS C:\> Get-WinEvent -FilterHashtable @{Logname='Security'; ID=4794} | Format-Table -Property TimeCreated, Message

TimeCreated              Message
-----------              -------
10/29/2025 4:47:12 PM    An attempt was made to set the Directory Services Restore Mode...

If logs are not available, review the site processes around DSRM password reset to determine compliance.

If DSRM passwords are not changed for each DC in the domain at least annually, this is a finding.

References:
V-25840
SV-32179
CCI-000366
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 6 *******************************

QUESTION         : 7 of 19
TITLE            : CAT II, V-243484, SV-243484r958482, SRG-OS-000104
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:3501
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:3501
RULE             : Security identifiers (SIDs) must be configured to use only authentication data of directly trusted external or forest trust. 
QUESTION_TEXT    : Open "Active Directory Domains and Trusts". (Available from various menus or run "domain.msc".)

Right-click the domain in the left pane and select "Properties".

Select the "Trusts" tab.

Note any existing trusts and the type.

If no trusts exist, this is NA.

Access a command line and run the following command on the trusting domain:
"netdom trust <trusting domain> /d:<trusted domain> /quarantine"

If the result does not specify the following, this is a finding.

"SID filtering is enabled for this trust. Only SIDs from the trusted domain will be accepted for authorization data returned during authentication. SIDs from other domains will be removed."

If the trust type is Forest, run the following command on the trusting domain:
"netdom trust <trusting domain> /d:<trusted domain> /enablesidhistory"

If the result does not specify "SID history is disabled for this trust", this is a finding.

References:
V-8538
SV-9035
CCI-000764
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 7 *******************************

QUESTION         : 8 of 19
TITLE            : CAT II, V-243485, SV-243485r1117265, SRG-OS-000080
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:3701
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:3701
RULE             : Selective Authentication must be enabled on outgoing forest trusts.
QUESTION_TEXT    : Open "Active Directory Domains and Trusts".  (Available from various menus or run "domain.msc".)
Right click the domain name in the left pane and select "Properties".
Select the "Trusts" tab.
For each outgoing forest trust, right-click the trust item and select "Properties".
Select the "Authentication" tab.

If the "Selective Authentication" option is not selected on every outgoing forest trust, this is a finding.

References:
V-8540
SV-9037
CCI-000213
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 8 *******************************

QUESTION         : 9 of 19
APPLICABILITY    : ReadOnlyDC
TITLE            : CAT II, V-243489, SV-243489r959010, SRG-OS-000480
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:4501
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:4501
RULE             : Read-only Domain Controller (RODC) architecture and configuration must comply with directory services requirements.
QUESTION_TEXT    : 1. Verify that the site has applied the Network Infrastructure STIG to configure the VPN and IPSec.

2. Verify that IPSec and other communications and security configurations for the management and replication of the RODC will be managed by use of the minimum required Group Policy Objects (GPOs).

3. Include an inspection of the RODC server in the DMZ when inspecting for least privilege.

4. Verify that required patches and compatibility packs are installed if RODC is used with Windows 2003 (or earlier) clients.

5. If RODC server and configuration does not comply with requirements, then this is a finding.

References:
V-25997
SV-32648
CCI-000366
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 9 *******************************

QUESTION         : 10 of 19
TITLE            : CAT II, V-243490, SV-243490r959010, SRG-OS-000480
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:4701
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:4701
RULE             : Usage of administrative accounts must be monitored for suspicious and anomalous activity.
QUESTION_TEXT    : Verify account usage events for administrative accounts are being monitored.  This includes events related to approved administrative accounts as well as accounts being added to privileged groups such as Administrators, Domain and Enterprise Admins and other organization defined administrative groups.  Event monitoring may be implemented through various methods including log aggregation and the use of monitoring tools.

Monitor for the events listed below, at minimum.  If these events are not monitored, this is a finding.

Account Lockouts (Subcategory: User Account Management)
4740 - A user account is locked out.
User Added to Privileged Group (Subcategory: Security Group Management)
4728 - A member was added to a security-enabled global group.
4732 - A member was added to a security-enabled local group.
4756 - A member was added to a security-enabled universal group.
Successful User Account Login (Subcategory: Logon)
4624 - An account was successfully logged on.
Failed User Account Login (Subcategory: Logon)
4625 - An account failed to log on.
Account Login with Explicit Credentials (Subcategory: Logon)
4648 - A logon was attempted using explicit credentials.

References:
V-43712
SV-56533
CCI-000366
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 10 *******************************

QUESTION         : 11 of 19
TITLE            : CAT II, V-243491, SV-243491r959010, SRG-OS-000480
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:4901
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:4901
RULE             : Systems must be monitored for attempts to use local accounts to log on remotely from other systems.
QUESTION_TEXT    : Verify attempts to use local accounts to log on remotely from other systems are being monitored.  Event monitoring may be implemented through various methods including log aggregation and the use of monitoring tools.

Monitor for the events listed below.  If these events are not monitored, this is a finding.

More advanced filtering is necessary to obtain the pertinent information than just looking for event IDs.
Search for the event IDs listed with the following additional attributes:
Logon Type = 3 (Network)
Authentication Package Name = NTLM
Not a domain logon and not the ANONYMOUS LOGON account

Successful User Account Login (Subcategory: Logon)
4624 - An account was successfully logged on.
Failed User Account Login (Subcategory: Logon)
4625 - An account failed to log on.

References:
V-43713
SV-56534
CCI-000366
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 11 *******************************

QUESTION         : 12 of 19
TITLE            : CAT II, V-243492, SV-243492r959010, SRG-OS-000480
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:5101
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:5101
RULE             : Systems must be monitored for remote desktop logons.
QUESTION_TEXT    : Verify Remote Desktop logins are being monitored.  Event monitoring may be implemented through various methods including log aggregation and the use of monitoring tools.

Monitor for the events listed below.  If these events are not monitored, this is a finding.

More advanced filtering is necessary to obtain the pertinent information than just looking for event IDs.
Search for the event IDs listed with the following additional attributes:
Logon Type = 10 (RemoteInteractive)
Authentication Package Name = Negotiate

Successful User Account Login (Subcategory: Logon)
4624 - An account was successfully logged on.

References:
V-43714
SV-56535
CCI-000366
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 12 *******************************

QUESTION         : 13 of 19
TITLE            : CAT II, V-243493, SV-243493r959010, SRG-OS-000480
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:5301
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:5301
RULE             : Active Directory data must be backed up daily for systems with a Risk Management Framework categorization for Availability of moderate or high.  Systems with a categorization of low must be backed up weekly.
QUESTION_TEXT    : Review the organization's procedures for backing up Active Directory data.
Verify the frequency at which active directory data is backed up.
If the Availability categorization of the domain is low, this must be at least weekly.
If the Availability categorization of the domain is moderate or high, this must be at least daily.
Verify the type of backup is appropriate to capturing the directory data.  For AD domain controllers, this must include a System State data backup.

If any of these conditions are not met, this is a finding.

References:
V-25385
SV-31547
CCI-000366
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 13 *******************************

QUESTION         : 14 of 19
TITLE            : CAT II, V-243495, SV-243495r958908, SRG-OS-000423
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:5701
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:5701
RULE             : A VPN must be used to protect directory network traffic for directory service implementation spanning enclave boundaries.
QUESTION_TEXT    : 1. Review the site's network diagram(s) to determine if domain controllers for the domain are located in multiple enclaves. The object is to determine if network traffic is traversing enclave network boundaries.

2. Request information about whether RODC or ADAM instances are installed. In particular, request details of Active Directory functionality installed or extended into the DMZ or configured/allowed to cross the site's outbound firewall boundary. Ensure communications and replication traffic is encrypted.

3. If domain controllers are not located in multiple enclaves, then this check is not applicable.

4. If domain controllers are located in multiple enclaves, verify that a VPN is used to transport the network traffic (replication, user logon, queries, etc.).

5. If a VPN solution is not used to transport directory network traffic across enclave boundaries, then this is a finding.

6. If the ADAM mode is in use and a migration plan for converting to RODC is not in place, then this is a finding.

References:
V-8522
SV-30991
CCI-002418
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 14 *******************************

QUESTION         : 15 of 19
TITLE            : CAT II, V-243496, SV-243496r959010, SRG-OS-000480
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:5901
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:5901
RULE             : Accounts from outside directories that are not part of the same organization or are not subject to the same security policies must be removed from all highly privileged groups. 
QUESTION_TEXT    : 1. Start the Active Directory Users and Computers console (Start, Run, "dsa.msc").

2. Select and expand the left pane item that matches the name of the domain being reviewed.

3. Select the Built-in container. 
a. If the Incoming Forest Trust Builders group is defined, double-click on the group, and select the Members tab
b. Examine the defined accounts to see if they are from a domain that is not in the forest being reviewed.

4. Select the Users container
a. For each group (Domain Admins, Enterprise Admins, Schema Admins, and Group Policy Creator Owners), double-click on the group, and select the Members tab.
b. Examine the defined accounts to see if they are from a domain that is not in the forest being reviewed.

5. If any account in a privileged group is from a domain outside the forest being reviewed and that outside forest is not maintained by the same organization (e.g., enclave) or subject to the same security policies, then this is a finding.

Supplementary Notes:
Note: An account that is from an outside domain appears in the format "outside-domain-NetBIOSname\account" or "account@outside-domain-fully-qualified-name". Examples are "AOFN21\jsmit" or "jsmith@AOFN21.OST.COM". It may be necessary to use the AD Domains and Trusts (domain.msc) console to determine if the domain is from another AD forest.

Note:  It is possible to move the highly privileged AD security groups out of the AD Users container. If the Domain Admins, Enterprise Admins, Schema Admins, or Group Policy Creator Owners groups are not in the AD Users container, ask the SA for the new location and use that location for this check.

References:
V-8549
SV-31557
CCI-000366
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 15 *******************************

QUESTION         : 16 of 19
TITLE            : CAT II, V-243498, SV-243498r958406, SRG-OS-000032
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:6301
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:6301
RULE             : If a VPN is used in the AD implementation, the traffic must be inspected by the network Intrusion detection system (IDS).
QUESTION_TEXT    : 1. Interview the site representative. Ask about the location of the domain controllers. 

2. If domain controllers are not located in multiple enclaves, then this check is not applicable.

3. If domain controllers are located in multiple enclaves and a VPN is not used, then this check is not applicable.

4. If domain controllers are located in multiple enclaves and a VPN is used, review the site network diagram(s) with the SA, NSO, or network reviewer as required to determine if the AD network traffic is visible to a network or host IDS.

5. If the AD network traffic is not visible to a network or host IDS, then this is a finding.

References:
V-8523
SV-30994
CCI-000067
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 16 *******************************

QUESTION         : 17 of 19
TITLE            : CAT II, V-243500, SV-243500r959010, SRG-OS-000480
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:6701
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:6701
RULE             : Active Directory must be supported by multiple domain controllers where the Risk Management Framework categorization for Availability is moderate or high.
QUESTION_TEXT    : Determine the Availability categorization information for the domain.
If the Availability categorization of the domain is low, this is NA.
If the Availability categorization of the domain is moderate or high, verify the domain is supported by more than one domain controller.
Start "Active Directory Users and Computers" (Available from various menus or run "dsa.msc").
Expand the left pane item that matches the domain being reviewed.
Select the Domain Controllers Organizational Unit (OU) in the left pane.

If there is only one domain controller in the OU, this is a finding.

References:
V-8524
SV-30996
CCI-000366
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 17 *******************************

QUESTION         : 18 of 19
TITLE            : CAT III, V-243488, SV-243488r959010, SRG-OS-000480
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:4301
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:4301
RULE             : User accounts with delegated authority must be removed from Windows built-in administrative groups or remove the delegated authority from the accounts.
QUESTION_TEXT    : 1. Interview the IAM or site representative and obtain the list of accounts that have been delegated AD object ownership or update permissions and that are not members of Windows built-in administrative groups.
(This includes accounts for help desk or support personnel who are not Administrators, but have authority in AD to maintain user accounts or printers.)

2. If accounts with delegated authority are defined and there is no list, then this is a finding.

3. Count the number of accounts on the list.

4. If the number of accounts with delegated authority is greater than 10, review the site documentation that justifies this number.  Validate that the IAM explicitly acknowledges the need to have a high number of privileged users.

5. If the number of accounts with delegated authority is greater than 10 and there is no statement in the documentation that justifies the number, then this is a finding.

References:
V-8521
SV-9018
CCI-000366
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 18 *******************************

QUESTION         : 19 of 19
TITLE            : CAT III, V-243499, SV-243499r959010, SRG-OS-000480
TEST_ACTION_ID   : ocil:navy.navwar.niwcatlantic.scc.sql.server:testaction:6501
QUESTION_ID      : ocil:navy.navwar.niwcatlantic.scc.sql.server:question:6501
RULE             : Active Directory implementation information must be added to the organization contingency plan where the Risk Management Framework categorization for Availability is moderate or high.
QUESTION_TEXT    : Determine the Availability categorization information for the domain.
If the Availability categorization of the domain is low, this is NA.
If the Availability categorization of the domain is moderate or high, verify the organization's disaster recovery plans include documentation on the AD hierarchy (forest, tree and domain structure).
 (A chart showing forest hierarchy and domain names is the minimum suggested.)

If the disaster recovery plans do not include directory hierarchy information, this is a finding.

References:
V-8525
SV-30995
CCI-000366
     ===========================================================================
     Select One of the following by entering an X in the brackets
     [ ] Finding
     [ ] Not a Finding
     [ ] Not Applicable
     [X] Not Reviewed
     Enter any comments : 

******************************* end of question 19 *******************************

